Security
TrustDAG Bug Bounty Program
The TrustDAG Bug Bounty Program starts during Testnet and continues after launch. Confirmed reports may be rewarded in TDAG. No public reward amounts are published in this first version.
Eligibility
A report must describe a persistent or reproducible bug, must be confirmed by TrustDAG, and must not already have been reported and claimed. A one-second glitch that cannot be reproduced or verified does not qualify.
Report channel
Reports should be sent to security@trustdag.com. Include reproduction steps, affected component, expected behavior, observed behavior, and supporting evidence.
In-scope categories
score reproducibility bugs
identity linkage bugs
wallet-linking bugs
ranking manipulation bugs
pFTS manipulation bugs
FTS replay or reconciliation bugs
DDRS manipulation bugs
governance vote-counting bugs
transaction/ranking mismatch bugs
privacy exposure bugs
branch runtime attestation or delta bugs